A Year Later, Obamacare Website Still a Security Nightmare

More than a year after egregious security failures in the government’s healthcare website were exposed in congressional hearings, data remains compromised and the ill-fated site is still subject to cyberattacks and vulnerable to massive identity theft.

In fact, just this week Judicial Watch obtained documents from the government that show a possible mass breach of the privacy of innocent Americans involving the disastrous Obamacare website (Healthcare.gov). The records, from the U.S. Department of Health and Human Services (HHS), also reveal that top officials with the Centers for Medicare and Medicaid Services (CMS) knew of massive security risks with the healthcare website but chose to roll it out without resolving the problems.

When the Obamacare internet drama blew up in the administration’s face the Department of Homeland Security (DHS) was called to help clean up, according to the records recently made public by JW. Electronic mail exchanges between various DHS and CMS officials indicate that White House pressure to promote a “robust” digital Obamacare ad campaign allowed private information of Healthcare.gov users to be shared with advertisers. The email chain pushing this controversial use of citizen information includes a security expert’s assessment that security was an “afterthought” on the Obamacare website, that 70,000 Healthcare.gov records were easily viewed using Google and that the official in charge was fired for not signing off on the website’s security.

As if this weren’t bad enough, the records obtained by JW this week also show that DHS’s secret involvement in trouble shooting also gave the agency access to private information. It’s still unclear what intimate health data was shared with DHS by the Obama administration, but the fact remains that the agency has no business accessing the confidential health information of unsuspecting Americans. Furthermore, it was pressure from a president desperate to boost enrollment in his highly unpopular healthcare takeover that led to one of the worst breaches of citizens’ privacy.

The other Healthcare.gov failures involve negligence and incompetence, very commonly seen in government. During a congressional hearing more than a year ago, an information security technology expert testified that the Obamacare website has “massive flaws” and doesn’t incorporate security into testing. The website doesn’t have a dedicated security operations center or the capabilities of detecting attacks, according to the expert, David Kennedy, who runs an Ohio-based company called TrustedSec. Kennedy worked for the U.S. Marine intelligence community then became the chief security officer of a Fortune 100 company before starting TrustedSec.

He told the congressional panel that only insiders at HHS can know the true scope of the security flaws within the website, though it’s evident there are many. “All I know is that I would be very concerned about what we found,” Kennedy told lawmakers from the House Committee on Science, Space and Technology at the January 2014 hearing. The technology security expert also revealed that this sort of problem spans all of the government, both at federal and state levels. Kennedy also offered the findings of highly respected security experts who share in this assessment.

In the case of Healthcare.gov we know that a team made up entirely of Obama minions, including the design manager for the president’s 2008 campaign and the White House Deputy Director of New Media, were responsible for designing the website. JW revealed this back in 2013 as part of its ongoing investigation into the healthcare boondoggle. Adding insult to injury, the government officials in charge of Obamacare’s tumultuous implementation and disastrous health exchange website quietly received tens of thousands of dollars in performance bonuses and other taxpayer-funded perks. JW obtained records documenting that enraging reward system back in August of last year and will continue investigating the scandals surrounding the president’s hostile takeover of the nation’s healthcare system.

The motto of Judicial Watch is “Because no one is above the law”. To this end, Judicial Watch uses the open records or freedom of information laws and other tools to investigate and uncover misconduct by government officials and litigation to hold to account politicians and public officials who engage in corrupt activities.